设为首页加入收藏
欢迎光临广西创正信息!
配置SVF实现有线园区网接入层示例
来源: | 作者:广西创正信息 | 发布时间: 2022-08-08 | 276 次浏览 | 分享到:
适用于大中型园区纯有线接入的网络。

配置SVF实现有线园区网接入层示例

组网需求

在新建的有线园区网中,接入层设备较多且分布较广,使得接入层设备的管理、配置较为复杂。用户希望可以对接入层设备做统一的管理与配置,以减少管理成本。

图1所示,汇聚层由两台交换机组成集群系统,作为Parent连接多台AS。

Parent以S12700为例,一级AS以S5720-28P-SI-AC为例,二级AS以S5720-28TP-LI-AC为例。

配置思路

采用如下的思路配置:

1.  配置Parent组成集群,以保证SVF系统的高可靠性。

2.  使能Parent的SVF功能。

3.  配置AS的接入参数,包括AS的名称、认证方式、Parent连接一级AS的Fabric-port、一级AS连接二级AS的Fabric-port。

4.  连接一级AS与Parent、二级AS与一级AS之间的线缆。

5.  配置业务模板并将其绑定至各AS。

操作步骤

1.  配置Parent中的两台交换机组成集群系统。

2.  登录集群系统并使能SVF功能。

# 配置SVF的管理VLAN并使能Parent的SVF功能。

<HUAWEI> system-view

[HUAWEI] vlan batch 11

[HUAWEI] dhcp enable

[HUAWEI] interface vlanif 11

[HUAWEI-Vlanif11] ip address 192.168.11.1 24

[HUAWEI-Vlanif11] dhcp select interface

[HUAWEI-Vlanif11] dhcp server option 43 ip-address 192.168.11.1

[HUAWEI-Vlanif11] quit

[HUAWEI] capwap source interface vlanif 11

[HUAWEI] stp mode rstp

[HUAWEI] uni-mng

Warning: This operation will enable the uni-mng mode and disconnect all ASs. STP calculation may be triggered and service traffic will be affected. Continue? [Y/N]:y

3.  配置AS的接入参数。

# (可选)配置各AS的名称。

·        如果不执行此步骤,则系统会在AS上线时自动生成AS设备信息的相关配置,其中AS名称为“系统默认名称-系统MAC地址”。

·        如果要执行此步骤,请确保配置的model以及mac-address参数与设备实际信息一致,其中mac-address一定要是AS的管理MAC或系统MAC(在AS上执行命令display as access configuration查看管理MAC地址,如果管理MAC显示为“--”,mac-address就使用系统MAC地址),配置与实际接入的AS信息不符将导致AS无法上线。

[HUAWEI-um] as name as1 model S5720-28P-SI-AC mac-address 00e0-fc00-0011

[HUAWEI-um-as-as1] quit

[HUAWEI-um] as name as2 model S5720-28P-SI-AC mac-address 00e0-fc00-0022

[HUAWEI-um-as-as2] quit

[HUAWEI-um] as name as3 model S5720-28P-SI-AC mac-address 00e0-fc00-0033

[HUAWEI-um-as-as3] quit

[HUAWEI-um] as name as4 model S5720-28TP-LI-AC mac-address 00e0-fc00-0044

[HUAWEI-um-as-as4] quit

[HUAWEI-um] as name as5 model S5720-28TP-LI-AC mac-address 00e0-fc00-0055

[HUAWEI-um-as-as5] quit

# 配置Parent连接一级AS的Fabric-port。以配置Parent连接as1的Fabric-port为例。

[HUAWEI-um] interface fabric-port 1

[HUAWEI-um-fabric-port-1] port member-group interface eth-trunk 1

[HUAWEI-um-fabric-port-1] quit

[HUAWEI-um] quit

[HUAWEI] interface gigabitethernet 1/1/0/1

[HUAWEI-GigabitEthernet1/1/0/1] eth-trunk 1

[HUAWEI-GigabitEthernet1/1/0/1] quit

[HUAWEI] interface gigabitethernet 2/1/0/1

[HUAWEI-GigabitEthernet2/1/0/1] eth-trunk 1

[HUAWEI-GigabitEthernet2/1/0/1] quit

配置Parent连接as2的Fabric-port 2、连接as3的Fabric-port 3的过程请参照as1,过程略。

# 配置一级AS连接二级AS的Fabric-port。

[HUAWEI] uni-mng

[HUAWEI-um] as name as1

[HUAWEI-um-as-as1] down-direction fabric-port 4 member-group interface eth-trunk 4

[HUAWEI-um-as-as1] port eth-trunk 4 trunkmember interface gigabitethernet 0/0/23 to 0/0/24

[HUAWEI-um-as-as1] quit

[HUAWEI-um] as name as3

[HUAWEI-um-as-as3] down-direction fabric-port 5 member-group interface eth-trunk 5

[HUAWEI-um-as-as3] port eth-trunk 5 trunkmember interface gigabitethernet 0/0/23 to 0/0/24

[HUAWEI-um-as-as3] quit

[HUAWEI-um] quit

# 配置AS上线接入时进行白名单认证。

在AS上执行命令display as access configuration查看AS的管理MAC,如果管理MAC显示为“--”,白名单中配置的MAC就是AS的系统MAC,否则就是管理MAC。

[HUAWEI] as-auth

[HUAWEI-as-auth] undo auth-mode

[HUAWEI-as-auth] whitelist mac-address 00e0-fc00-0011

[HUAWEI-as-auth] whitelist mac-address 00e0-fc00-0022

[HUAWEI-as-auth] whitelist mac-address 00e0-fc00-0033

[HUAWEI-as-auth] whitelist mac-address 00e0-fc00-0044

[HUAWEI-as-auth] whitelist mac-address 00e0-fc00-0055

[HUAWEI-as-auth] quit

4.  连接一级AS与Parent、二级AS与一级AS之间的线缆。

# 执行命令reset saved-configuration清空AS的配置并重新启动后,连接一级AS与Parent、二级AS与一级AS之间的线缆,SVF即可建立。

·        在重启AS前,请先判断AS与Parent相连的接口是否是下行接口。若AS与Parent相连的接口是下行接口,请在AS重启前执行命令uni-mng up-direction fabric-port设置该接口为上行接口(可执行命令display uni-mng up-direction fabric-port查看接口是否成功设置为上行接口),否则会导致AS无法正常上线。

·        AS连接Parent时要求必须为空配置(无启动配置文件)且Console口无输入。

# 连接线缆后,执行命令display as all查看各AS是否成功上线接入。

[HUAWEI] display as all

Total: 5, Normal: 5, Fault: 0, Idle: 0, Version mismatch: 0

--------------------------------------------------------------------------------

No.  Type           MAC            IP              State        Name

--------------------------------------------------------------------------------

0    S5720-SI       00e0-fc00-0011 192.168.11.254  normal      as1

1    S5720-SI       00e0-fc00-0022 192.168.11.253  normal      as2

2    S5720-SI       00e0-fc00-0033 192.168.11.252  normal      as3

3    S5720-LI       00e0-fc00-0044 192.168.11.251  normal      as4

4    S5720-LI       00e0-fc00-0055 192.168.11.250  normal      as5

--------------------------------------------------------------------------------

当“State”的状态为“normal”时表示AS已成功上线接入。

5.  配置业务模板并绑定至AS。

# 配置AS管理员模板并绑定至所有的AS。

[HUAWEI] uni-mng

[HUAWEI-um] as-admin-profile name admin_profile

[HUAWEI-um-as-admin-admin_profile] user asuser password hello@123

[HUAWEI-um-as-admin-admin_profile] quit

[HUAWEI-um] as-group name admin_group

[HUAWEI-um-as-group-admin_group] as name-include as

[HUAWEI-um-as-group-admin_group] as-admin-profile admin_profile

[HUAWEI-um-as-group-admin_group] quit

# 配置网络基础模板并绑定至AS的端口。

[HUAWEI-um] network-basic-profile name basic_profile_1

[HUAWEI-um-net-basic-basic_profile_1] user-vlan 10

[HUAWEI-um-net-basic-basic_profile_1] quit

[HUAWEI-um] network-basic-profile name basic_profile_2

[HUAWEI-um-net-basic-basic_profile_2] user-vlan 20

[HUAWEI-um-net-basic-basic_profile_2] quit

[HUAWEI-um] port-group name port_group_1

[HUAWEI-um-portgroup-port_group_1] as name as1 interface all

[HUAWEI-um-portgroup-port_group_1] as name as2 interface all

[HUAWEI-um-portgroup-port_group_1] as name as4 interface all

[HUAWEI-um-portgroup-port_group_1] network-basic-profile basic_profile_1

[HUAWEI-um-portgroup-port_group_1] quit

[HUAWEI-um] port-group name port_group_2

[HUAWEI-um-portgroup-port_group_2] as name as3 interface all

[HUAWEI-um-portgroup-port_group_2] as name as5 interface all

[HUAWEI-um-portgroup-port_group_2] network-basic-profile basic_profile_2

[HUAWEI-um-portgroup-port_group_2] quit

[HUAWEI-um] quit

# 提交配置,使业务模板中的配置下发至AS。

[HUAWEI-um] commit as all

Warning: Committing the configuration will take a long time. Continue?[Y/N]: y

# 执行命令display uni-mng commit-result profile查看业务模板中的配置是否已成功下发至AS。

[HUAWEI-um] display uni-mng commit-result profile

Result of profile:

--------------------------------------------------------------------------------

 AS Name                         Commit Time               Commit/Execute Result

--------------------------------------------------------------------------------

 as1                             2014-08-25 22:29:18       Success/Success

 as2                             2014-08-25 22:29:18       Success/Success

 as3                             2014-08-25 22:29:20       Success/Success

 as4                             2014-08-25 22:29:20       Success/Success

 as5                             2014-08-25 22:29:20       Success/Success

--------------------------------------------------------------------------------

当“Commit/Execute Result”的状态为“Success/Success”时表示业务模板中的配置已成功下发至AS。

配置文件

 

 

 

 

#

vlan batch 11

#

stp mode rstp

stp instance 0 priority 28672

#

lldp enable

#

dhcp enable

#

interface Vlanif11

 ip address 192.168.11.1 255.255.255.0

 dhcp select interface

 dhcp server option 43 ip-address 192.168.11.1

#

interface Eth-Trunk1

 port link-type hybrid

 port hybrid tagged vlan 1 10 to 11

 stp root-protection

 stp edged-port disable

 mode lacp

 loop-detection disable

 mad relay

#

interface Eth-Trunk2

 port link-type hybrid

 port hybrid tagged vlan 1 10 to 11

 stp root-protection

 stp edged-port disable

 mode lacp

 loop-detection disable

 mad relay

#

interface Eth-Trunk3

 port link-type hybrid

 port hybrid tagged vlan 1 11 20

 stp root-protection

 stp edged-port disable

 mode lacp

 loop-detection disable

 mad relay

#

interface GigabitEthernet1/1/0/1

 eth-trunk 1

#

interface GigabitEthernet1/1/0/2

 eth-trunk 2

#

interface GigabitEthernet1/1/0/3

 eth-trunk 3

#

interface GigabitEthernet2/1/0/1

 eth-trunk 1

#

interface GigabitEthernet2/1/0/2

 eth-trunk 2

#

interface GigabitEthernet2/1/0/3

 eth-trunk 3

#

capwap source interface vlanif11

#

wlan  wlan ap lldp enable  wlan work-group default #

as-auth

 whitelist mac-address 00e0-fc00-0011

 whitelist mac-address 00e0-fc00-0022

 whitelist mac-address 00e0-fc00-0033

 whitelist mac-address 00e0-fc00-0044

 whitelist mac-address 00e0-fc00-0055

#

uni-mng

 as name as1 model S5720-28P-SI-AC mac-address 00e0-fc00-0011

  down-direction fabric-port 4 member-group interface Eth-Trunk 4

  port Eth-Trunk 4 trunkmember interface GigabitEthernet 0/0/23

  port Eth-Trunk 4 trunkmember interface GigabitEthernet 0/0/24

 as name as2 model S5720-28P-SI-AC mac-address 00e0-fc00-0022

 as name as3 model S5720-28P-SI-AC mac-address 00e0-fc00-0033

  down-direction fabric-port 5 member-group interface Eth-Trunk 5

  port Eth-Trunk 5 trunkmember interface GigabitEthernet 0/0/23

  port Eth-Trunk 5 trunkmember interface GigabitEthernet 0/0/24

 as name as4 model S5720-28TP-LI-AC mac-address 00e0-fc00-0044 

 as name as5 model S5720-28TP-LI-AC mac-address 00e0-fc00-0055

 interface fabric-port 1

  port member-group interface Eth-Trunk 1

 interface fabric-port 2

  port member-group interface Eth-Trunk 2

 interface fabric-port 3

  port member-group interface Eth-Trunk 3

 as-admin-profile name admin_profile

  user asuser password %^%#Ky,WNqWh_DZ[(V96yvSEph)VLMc/+U}>]i2:"9n:%^%#

 network-basic-profile name basic_profile_1

  user-vlan 10

 network-basic-profile name basic_profile_2

  user-vlan 20

 as-group name admin_group

  as-admin-profile admin_profile

  as name as1

  as name as2

  as name as3

  as name as4 

  as name as5

 port-group name port_group_1

  network-basic-profile basic_profile_1

  as name as1 interface GigabitEthernet 0/0/1 to 0/0/22

  as name as2 interface GigabitEthernet 0/0/1 to 0/0/24

  as name as4 interface Ethernet 0/0/1 to 0/0/24

 port-group name port_group_2

  network-basic-profile basic_profile_2

  as name as3 interface GigabitEthernet 0/0/1 to 0/0/22

  as name as5 interface Ethernet 0/0/1 to 0/0/24 

#

return